Custom Role UI shows unassignable permissions

[angrycub]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

When adding permissions to a custom role in the Coder UI, there are 3 invalid permissions that display for workspace_dormant: application_connect, ssh, & start. Selecting any of these permissions will cause the role to fail to build. In 2.18.5 it is an opaque error. In a 2.19 build it printed the error, which helped make it clear which permissions caused the failure state. These errors are also presented individually, causing me to have to perform iterative corrections to the permissions rather than a single correction pass.

Relevant Log Output

In 2.18.5 the console shows the following error on the post to roles:

{message: "Failed to update role permissions",…}
detail
: 
"org=\"e8a35c83-41ae-46e5-a140-236ac51989df\": invalid permission for action=\"application_connect\" type=\"workspace_dormant\", not allowed to grant this permission"
message
: 
"Failed to update role permissions"

Expected Behavior

I would expect invalid permissions to not be presented as an option in the UI.

Steps to Reproduce

1. Create a custom role on a Premium-licensed Coder instance.
2. Click Show advanced permissions.
3. For my test, I selected all of the top level permissions; however, it is sufficient to select all of the workspace_dormant permissions.
4. Click Create Role
5. Receive error.

Environment

• Host OS:
• Coder version:

Additional Context

No response

[matifali]

cc: @stirby, @Kira-Pilot for Orgs